Basic configuration of the PIX 520B
PIX Version 4.2(4)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password password encrypted
passwd password encrypted
hostname pix520_B
fixup protocol ftp 21
fixup protocol http 80
fixup protocol smtp 25
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol sqlnet 1521
names
no failover
failover timeout 0:00:00
failover ip address outside 0.0.0.0
failover ip address inside 0.0.0.0
pager lines 24
no logging console
no logging monitor
no logging buffered
no logging trap
logging facility 20
interface ethernet0 auto
interface ethernet1 auto
ip address outside 202.108.66.97 255.255.255.248
ip address inside 10.2.0.12 255.255.0.0
arp timeout 14400
global (outside) 1 202.108.66.100
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
no rip outside passive
no rip outside default
no rip inside passive
no rip inside default
route outside 0.0.0.0 0.0.0.0 202.109.77.98
timeout xlate 3:00:00 conn 1:00:00 udp 0:02:00
timeout rpc 0:10:00 h323 0:05:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
telnet 10.2.0.200 255.255.255.255
telnet timeout 15
mtu outside 1500
mtu inside 1500
floodguard 0
Cisco 2610B configuration
Current configuration:
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2610B
!
enable password password
!
username bluestudy password password
no ip domain-lookup
!
interface Ethernet0/0
ip address 202.108.66.98 255.255.255.248
no shut
!
interface Serial0/0
ip address 202.108.8.1 255.255.255.252
no shut
!
interface Serial0/1
no ip address
shutdown
!
ip route 0.0.0.0 0.0.0.0 202.108.8.2
!
snmp-server community public RO
snmp-server community private RW
!
line con 0
line aux 0
line vty 0 4
login local
!
no scheduler allocate
end
Cisco 2610C configuration
version 11.2
service udp-small-servers
service tcp-small-servers
!
hostname 2610C
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
ip address-pool local
isdn switch-type basic-net3
interface Ethernet0
ip address 10.2.0.11 255.255.0.0
!
interface Serial0
no ip address
encapsulation frame-relay
frame-relay lmi-type ansi
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy1
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
interface Serial0.2 point-to-point
description Frame Relay to bluestudy2
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
interface BRI1/0
no ip address
shutdown
isdn switch-type basic-net3
!
interface BRI1/1
ip address 192.168.3.1 255.255.255.240
encapsulation ppp
timeout absolute 60 0
dialer idle-timeout 3600
dialer-group 1
isdn switch-type basic-net3
peer default ip address pool default
ppp authentication chap pap callin
!
interface BRI1/2
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
!
interface BRI1/3
no ip address
encapsulation ppp
shutdown
isdn switch-type basic-net3
no peer default ip address
!
ip local pool default 192.168.3.3 192.168.3.14
ip http server
ip classless
ip route 192.168.5.0 255.255.255.0 serial0.1
ip route 192.168.4.0 255.255.255.0 serial0.2
ip route 0.0.0.0 0.0.0.0 10.2.0.1
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
line con 0
password console
login
line aux 0
line vty 0 4
password telnet
login
!
end
Cisco 1720A configuration
version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.5.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered Ethernet0
frame-relay interface-dlci 10
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy1
login
!
end
Cisco 1720B configuration
version 11.2
service udp-small-servers
service tcp-small-servers
hostname bluestudy1
!
enable secret cisco
!
ip subnet-zero
no ip domain-lookup
!
interface Fastethernet0
ip address 192.168.4.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation frame-relay
!
interface Serial0.1 point-to-point
description Frame Relay to bluestudy
ip unnumbered Ethernet0
frame-relay interface-dlci 11
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 serial0.1
!
line con 0
password console
login
line aux 0
line vty 0 4
password bluestudy2
login
!
end
Lucent MAX 6000
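An array-type access server (Lucent's MAX 6000) can serve as a small ISP. If callback is configured, employees can also log in to the company network from home. Moreover, because E1 lines are usually billed at a flat monthly rate, employees' Internet access charges can be saved; of course, a modest fee can also be charged through billing software, so that the network pays for itself.
Its configuration only requires adding more than 30 IP addresses to the address pool and then pointing all routes to the central switch.
The MAX 6000 is usually configured through menus, and the configuration can be done by following the wizard.
Its configuration is omitted here.
However, I previously ran into a problem: when the MAX 6000 was connected to the central switch (3Com 3500), its route was pointed at the 3500 and the 3500 also pointed the dial-in user network at the MAX 6000, yet the following symptoms appeared:
1. The 192.168.6.0 network dialing in through the MAX 6000 communicated normally with the internal network 10.0.0.0, but could not communicate with networks connected over other leased lines (for example 192.168.2.0), even though the routes were pointed in the same way as described above.
2. When the central switch was a 6500, these problems went away, so I suspected a fault in the 3500. But when the MAX 6000's network was pointed at the 2610 A and the 2610 A also pointed its route at the MAX 6000, a traceroute on the MAX 6000 could not even reach 192.168.0.6. The final solution was to change 192.168.6.0/24 to 10.2.8.0/16, that is, to assign dial-in users internal addresses directly, so that there is no routing issue and everything communicates normally. I do not know the cause.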
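Network management
Using Cisco's network management software is fairly simple.
When installing CWSI, you only need to give the IP address of a seed device (for example the central switch's IP, 10.1.0.2); after the software is installed, the auto-discovery function finds the Cisco devices connected to the network. You also need to select the corresponding database; for the PIX 520, Catalyst 6500, Catalyst 3500 and so on, you have to ask the reseller for patch packages, because without them the management software cannot even recognize the 6500's modules.
As for the application features, consulting the user manual is enough.
The prerequisite, however, is that a platform such as HP OpenView is installed.
CiscoView's functionality is much simpler, and SNMPS can also be installed on the front end.
CWSI includes CiscoView.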
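The listings above configure SNMP with the community strings public and private, enable the small servers and the HTTP server, and leave the vty lines without an access-class. As an added example (not part of the original page), a Python check that flags those settings in an IOS-style configuration; the function name `audit`, the rule list and the sample built from the 2610B listing are assumptions made here.

```python
import re

# (pattern, finding) pairs applied to each configuration line on its own.
LINE_RULES = [
    (r"snmp-server community (public|private)\b", "well-known SNMP community string"),
    (r"snmp-server community \S+ RW\b", "SNMP read-write access enabled"),
    (r"service (tcp|udp)-small-servers\b", "small servers (echo, discard, chargen) enabled"),
    (r"ip http server\b", "HTTP management server enabled"),
    (r"enable password\b", "enable password used instead of enable secret"),
]
NO_VTY_ACL = "vty lines have no access-class"

def audit(config):
    """Return sorted (line_number, finding) pairs for an IOS-style configuration."""
    findings = []
    vty_start, vty_has_acl = None, False
    def close_vty():
        # Called at the end of a section: report a vty block that had no access-class.
        nonlocal vty_start
        if vty_start is not None and not vty_has_acl:
            findings.append((vty_start, NO_VTY_ACL))
        vty_start = None

    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("no "):
            continue  # a negated command turns the feature off
        for pattern, finding in LINE_RULES:
            if re.match(pattern, line):
                findings.append((number, finding))
        if line.startswith("line vty"):
            close_vty()
            vty_start, vty_has_acl = number, False
        elif line in ("!", "end") or line.startswith(("line ", "interface ")):
            close_vty()
        elif vty_start is not None and line.startswith("access-class "):
            vty_has_acl = True
    close_vty()
    return sorted(findings)

# Constructed sample: lines copied from the 2610B listing on this page.
SAMPLE = "\n".join([
    "enable password password", "snmp-server community public RO",
    "snmp-server community private RW", "!", "line con 0", "line aux 0",
    "line vty 0 4", "login local", "!", "end"])

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print(f"line {number}: {finding}")
```
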